Skill v1.0.3

ClawScan security

Trinity Evolution Engine · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 30, 2026, 9:08 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated behavior (local-only analysis) is plausible but the runtime instructions expect a Python script (trinity_v15.py) that is not included, and the instructions are vague about what local files will be read — this mismatch and lack of code raises safety concerns.
Guidance
Do not run this skill as-is. The SKILL.md tells you to run a local Python script (trinity_v15.py) that is not included in the package — you would need that code to validate behavior. Before installing or running:
1) ask the publisher for the exact script and a trusted source (repo link, release tag, or signed artifact);
2) review the script to confirm it only opens intended local files, has no network calls, and does not exfiltrate secrets;
3) run it first in an isolated environment (VM/container) and with least privilege;
4) verify the author's homepage/identity (the provided URL is malformed) and prefer published releases on a known host (GitHub repo with commits);
5) if you cannot review the code, do not grant it access to sensitive directories or credentials.
These steps will reduce risk because the manifest alone is insufficient to ensure the claimed 'local-only' behavior.

Review Dimensions

Purpose & Capability
note: Requesting the python binary is consistent with a data-analysis tool, but the SKILL.md tells the agent to run `python trinity_v15.py` while no code files are packaged. That omission (missing script) is a significant inconsistency: either the skill expects external artifacts or the package is incomplete.
Instruction Scope
concern: Instructions claim 'pure local analysis, no network' but are vague about which local files to read (mentions '交互记录' / interaction logs). A Python script (not provided) would have full discretion to read arbitrary files, access the network, or transmit data — the prose constraint cannot be enforced without reviewing the actual script. The homepage URL in metadata is malformed and gives no verifiable source.
Install Mechanism
ok: No install spec and no code files are provided, so nothing is written to disk by the skill installer itself. That minimizes installer risk, but pushes the runtime risk into the missing script.
Credentials
ok: No environment variables, credentials, or config paths are requested — this is proportionate. However, because the script is missing, we cannot confirm that runtime behavior will respect this.
Persistence & Privilege
ok: The skill is not marked always:true and uses default invocation rules. It does not request system-wide persistence in the manifest.